How to protect "setting.js" and "flow.json" files from modifications by unauthorized users?
Which is the best technique?
Are you on Windows or Linux?
The best technique for both is to prevent unauthorised users from accessing your system.
Don't make your Node-red installation accessible from the internet.
Use secure passwords to protect your OS user account and access to the editor.
There is a section of the documentation on Securing Node-red.
If you are on Linux your user should not have passwordless access to sudo.
Change the ownership of settings.js to root:root
But note that if someone has access to your OS login there is no simple way to fully protect Node-red.
1 Like
Please define who these users are. Users who have physical access to the server? Those who have direct access to your local network? Hackers trying to break in via node red access from the Internet? Others?
Hi,
Users who have physical access to the server with administrator rights.
Operating System: Windows
Consider moving Node-red to a different machine that nobody else has admin access to.
As long as it's on the same network, you can still access the editor from the PC as <IP Address>:1880 or <Hostname>:1880
If somebody has physical access to the machine, all bets are off, let alone if they already have admin access.
